All Reports

AmeriCorps’ security program has not been effective in accordance with Federal Information Security Management Act (FISMA) since Fiscal Year 2017. In order to determine its current status, AmeriCorps OIG engaged an independent certified public accounting firm to conduct an internal penetration test of AmeriCorps’ network. The independent auditors tested AmeriCorps’ network to evaluate the effectiveness of its information security program and to identify areas of weakness.

Since Fiscal Year (FY) 2017, AmeriCorps has not obtained an audit opinion on its financial statements. In FY 2021, independent auditors found nine material weaknesses and one significant deficiency, resulting in a total of 73 recommendations. In addition, each of AmeriCorps Office of Inspector General’s (OIG) annual Federal Information Security Modernization Act of 2014 (FISMA) evaluations since FY 2017 concluded that AmeriCorps’ cybersecurity and privacy program is ineffective.

In 2019, Congress enacted the Payment Integrity Information Act (PIIA) to update required reporting on agencies’ improper payments. PIIA requires agencies to review and identify programs and activities that may be susceptible to significant improper payments, estimate the improper payments rates in agency programs, and report on their actions to reduce and recover those payments. The Inspector General of each agency assesses compliance with these requirements annually.AmeriCorps implemented corrective actions in FY 2021 that improved its compliance with PIIA reporting requirements.